Life at Eclipse

Musings on the Eclipse Foundation, the community and the ecosystem

Archive for June 2022

Eclipse Foundation Celebrates Pride Month

leave a comment »

From all of us at the Eclipse Foundation, we’d like to wish the LGBTQ+ community a happy Pride Month.

As June winds down, we’d like to recognize the Eclipse Community’s continuing efforts to foster an open and welcoming environment for everyone. 

Our Community Code of Conduct outlines the standards of behavior for everyone in our community. These standards include the usage of inclusive and welcoming language, being respectful of differing viewpoints, and showing empathy towards members of differing communities.

With contributors and committers from all over the world with different life experiences, we understand that it takes all of us to maintain a culture where everyone can feel like they belong. We also understand that our efforts to create safe and accepting spaces for people of all races, faiths, sexual orientations and gender identities do not end at simply upholding our Code of Conduct. 

That’s why we’re welcoming feedback on how we can increase our inclusion and diversity efforts. If you have any ideas on how we can work to improve in this area, please contact  emo@eclipse.org.

Written by Mike Milinkovich

June 27, 2022 at 8:43 am

Posted in Foundation

Open Source Security at the Eclipse Foundation

with 2 comments

Open source software is the single most important engine for innovation today. The ability to freely combine software components, frameworks, and platforms frees developers from constantly reinventing the wheel and allows them to focus on the new innovations that users want. Free software also enables business models to scale in ways that proprietary software would never allow. Globally and in all sectors of the economy, building on top of open source software is the dominant approach to delivering successful software systems today. 

However, with great success comes great responsibility. From Heartbleed to SolarWinds to Log4j, securing open source software and its global supply chain has never been more important. The reasons for this are many, but among them is that for too long open source has been treated by many of its consumers as “free as in free beer” where they should have been treating it as “free as in a free puppy.” Contributing to the sustainability of the projects and communities that deliver open source is really no longer a choice. It is a necessity.

At the Eclipse Foundation, we believe that foundations have a role to play in addressing the challenges of securing open source and its supply chain. Specifically, we want to provide services to our projects that help improve their security posture. But doing so requires additional staff and resources. That’s why we are so grateful for the financial support from the OpenSSF’s Alpha-Omega project, being announced today. This money will allow us to start building a team to roll out many of the ideas in our Open Source Software Supply Chain Best Practices document under the leadership of Mikael Barbero, our Head of Security. 

Some of the ways that we are going to put this funding to good use include:

  • Automate the generation of static source-based SBOMs for all Eclipse Foundation project repositories.
  • Implement a SLSA-based project badging program for Eclipse Foundation projects.
  • Initiate a number of security audits for high-profile Eclipse Foundation projects.

We are also going to provide regular and public updates to the community about our progress and initiatives.

Software security is a never-ending process. This funding is the first step in a journey. We appreciate the support of the Alpha-Omega project, and are committed to using it effectively. 

Written by Mike Milinkovich

June 19, 2022 at 7:28 pm